
Detected: Riskware Invader Running Process: C:\program Files\common Files\logishrd\lvmvfm\lvprcsrv.exe


  • This topic is locked
23 replies to this topic

#1 super goku

super goku

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 07 September 2007 - 06:14 PM

Hello,

Kaspersky gives me the following detection:
detected: riskware Invader Running process: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

When I am on the desktop, it makes my monitor "refresh" without moving the icons and my cpu slower. Moreover, it takes about 5 minutes to load the "add/remove programs" menu.

I am pretty sure I am infected...please help!

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:06 PM, on 07/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182903343453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182904838407
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11040 bytes



Thank you,
Goku



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:07 PM

Posted 13 September 2007 - 12:22 PM

Hi,

Don't worry about that alert from Kaspersky. The file is related to your Logitech QuickCam.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
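One way to cross-check a flagged path against a HijackThis log like the one in the first post, as an added example that is not part of the thread or of any tool's own code. The sample lines are an excerpt of the log on this page; the function names and the `needs_review` heuristic are assumptions made for illustration, and the comparison is case-insensitive because the alert and the log capitalise the path differently.

```python
import re

# Excerpt of the HijackThis log from the first post (lines copied from this page).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# "O23 - ..." style entry lines: section code, then the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.*)$")
# O23 body: "Service: <display name> - <vendor> - <path>"; the vendor may be empty.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$"
)


def parse_log(text):
    """Return (running_processes, entries) parsed from HijackThis log text."""
    running, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entry = {"code": match["code"], "body": match["body"], "line": line}
            if match["code"] == "O23":
                service = SERVICE_RE.match(match["body"])
                if service:
                    entry.update(service.groupdict())
            entries.append(entry)
        elif in_processes and line:
            running.append(line)
    return running, entries


def explain_detection(text, flagged_path):
    """Show where a path reported by a scanner appears in the log."""
    running, entries = parse_log(text)
    target = flagged_path.lower()  # Windows paths compare case-insensitively
    return {
        "running": any(p.lower() == target for p in running),
        "services": [
            (e["name"], e["vendor"])
            for e in entries
            if e.get("path", "").lower() == target
        ],
        "other_refs": [
            e["line"]
            for e in entries
            if e["code"] != "O23" and target in e["body"].lower()
        ],
    }


def needs_review(text):
    """Entries worth a second look: missing target file or no vendor recorded.

    This only narrows what to inspect next; it does not classify anything
    as malicious, and a vendor string in the log is not proof of origin.
    """
    _, entries = parse_log(text)
    flagged = []
    for e in entries:
        if e["body"].endswith("(no file)"):
            flagged.append((e["code"], "target file missing", e["body"]))
        elif "vendor" in e and e["vendor"].lower() in ("", "unknown owner"):
            flagged.append((e["code"], "no vendor string", e["body"]))
    return flagged


if __name__ == "__main__":
    # Path exactly as spelled in the alert quoted in the topic title.
    alert = r"C:\program Files\common Files\logishrd\lvmvfm\lvprcsrv.exe"
    print(explain_detection(SAMPLE_LOG, alert))
    for item in needs_review(SAMPLE_LOG):
        print(item)
```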

#3 super goku


Posted 17 September 2007 - 12:05 AM

Hello, sorry about the late reply...

There is definitely something wrong...I always get Dr. Watson giving me errors. I can't do anything until I forcefully kill all processes and restart my computer.

Help please.

#4 miekiemoes


Posted 17 September 2007 - 05:59 AM

When exactly do you get drwatson errors? What program are you opening then?
Have you been deleting files you were not supposed to delete?

#5 super goku


Posted 17 September 2007 - 09:38 AM

I get Dr. Watson when I use MS Word or sometimes even Internet Explorer. Is there a report that I can post?

#6 miekiemoes


Posted 17 September 2007 - 12:09 PM

I see you are using the Nvidia Firewall. It has been reported that there are many problems with it, so that's why I want you to test and uninstall it. Then reboot after uninstalling. Maybe that will resolve your Drwatson errors...
If I am not mistaken, the nvidia firewall should be called NetworkAccessManager in add/remove programs.

#7 super goku


Posted 17 September 2007 - 04:20 PM

My Nvidia Firewall is disabled. Should I still uninstall it?

#8 miekiemoes


Posted 17 September 2007 - 04:27 PM

Disabling won't work, because it's still active anyway - so yes, uninstall it and reboot afterwards.
As I already said before - the Nvidia Firewall is a cause of many problems. Forums are full of complaints after they installed the nvidia firewall... and it wouldn't surprise me if it's the cause of your problems as well.

#9 super goku


Posted 17 September 2007 - 04:42 PM

I have just removed the NVIDIA Firewall.

Just before I removed it, I would like to post an error that I was getting (not while removing the firewall) but along with the Dr. Watson errors.

Attached Files



#10 miekiemoes


Posted 18 September 2007 - 12:29 AM

DrWatson errors are so random and it is almost impossible to figure out what exactly is causing them... But these errors were from before you uninstalled the Nvidia firewall.
After uninstalling - do you still get these errors?

#11 super goku


Posted 18 September 2007 - 07:30 AM

The errors are still reoccurring. Even though removing Nvidia Firewall has made my computer much faster, the errors occur especially when I run Internet Explorer and Java Applets as well as MSN.

#12 miekiemoes


Posted 18 September 2007 - 08:06 AM

Ok... thanks for your reply and the test.

When drwatson errors are present and I don't see anything suspicious in logs, in 80% of the cases it's security software being responsible for this. Since you were having the Nvidia Firewall which is very buggy, I assumed it was nvidia in the first place. But it could also be your Kaspersky - but we can test this out afterwards.

Let's first take a look whether anything malware related is hiding there, so do the following:

* Download Combofix to your desktop.
In case you already used Combofix previously, please delete the version you have and download it again, because Combofix is being updated every day.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#13 super goku


Posted 19 September 2007 - 12:34 AM

I tried running Combofix but it wouldn't finish.

The window was saying something along the lines of: "cannot access this part...". My computer is acting up much more than before. I can rarely use IE without getting a Dr. Watson error.

Help! It looks like "smitfraud"?

#14 miekiemoes


Posted 19 September 2007 - 02:16 AM

I think Kaspersky is interfering with Combofix.
Can you try Combofix in Windows Safe mode?

I don't see any traces of smitfraud or other malware in your HijackThis log, that's why Combofix is needed to have a look at some other entries and to see if something is hiding there.

#15 super goku


Posted 19 September 2007 - 05:29 PM

Hi miekiemoes,

Here's the Combofix log:

ComboFix 07-09-18.4 - "Administrator" 2007-09-19 18:21:37.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.1777 [GMT -4:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-18 17:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 10:56 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-14 14:47 <DIR> d-------- C:\Program Files\NCH Software
2007-09-14 14:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2007-09-13 19:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-09-13 19:26 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\NCH Swift Sound
2007-09-13 09:25 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-13 09:25 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\Real
2007-09-11 20:23 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-11 20:23 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-09-11 20:23 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-11 20:23 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-11 20:23 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-11 20:23 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-11 20:23 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-11 20:23 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-11 17:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-11 17:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-11 17:40 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-11 17:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-09-11 17:40 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Codemasters
2007-09-09 19:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-09-07 17:03 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-07 17:03 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-07 17:03 8,823,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-07 17:03 276,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-07 17:03 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-07 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-07 16:59 <DIR> d-------- C:\kav
2007-09-07 09:42 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-09-07 00:27 <DIR> d-------- C:\MyDVD
2007-09-07 00:23 <DIR> d-------- C:\Program Files\AoA DVD Creator
2007-09-06 21:17 <DIR> d-------- C:\AoATemp
2007-09-06 20:42 <DIR> d-------- C:\Program Files\AoA DVD Copy
2007-09-06 20:42 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\dvdcss
2007-09-06 18:42 <DIR> d-------- C:\DRUNKEN_MONKEY
2007-09-06 18:37 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-09-06 01:25 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-06 01:25 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-09-06 01:25 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-06 01:25 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-09-06 01:25 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-09-06 01:25 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-09-06 01:25 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-06 01:25 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-06 01:14 <DIR> d-------- C:\Program Files\THQ
2007-09-05 23:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
2007-09-03 10:20 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-02 19:54 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-02 19:54 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-02 19:53 6,400 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-09-02 19:53 46,208 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-09-02 19:53 21,632 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-09-02 19:53 11,136 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-09-02 19:53 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-02 08:59 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\My Games
2007-09-02 08:53 <DIR> d-------- C:\Program Files\Firaxis Games
2007-09-02 08:49 <DIR> d-------- C:\Program Files\PowerISO
2007-09-01 11:52 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-01 11:52 <DIR> dr-h----- C:\DOCUME~1\Brothers\APPLIC~1\SecuROM
2007-09-01 11:46 <DIR> d-------- C:\Program Files\EA Sports
2007-09-01 11:45 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-31 17:30 <DIR> d-------- C:\Program Files\Microsoft Games
2007-08-31 17:06 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-08-31 17:03 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-30 20:44 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-30 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-29 16:11 <DIR> d-------- C:\Program Files\BitLord
2007-08-28 21:40 <DIR> d-------- C:\WINDOWS\nview
2007-08-28 19:19 <DIR> d-------- C:\NVIDIA
2007-08-26 10:44 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\ScanSoft
2007-08-24 18:13 <DIR> d-------- C:\DOCUME~1\Brothers\APPLIC~1\CyberLink
2007-08-24 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-22 19:46 <DIR> d-------- C:\Program Files\Nero
2007-08-22 19:46 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-22 19:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-22 19:37 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-08-22 19:37 <DIR> d-------- C:\MyWorks
2007-08-22 19:36 <DIR> d-------- C:\Program Files\CyberLink
2007-08-21 19:15 <DIR> d-------- C:\WINDOWS\NV36763680.TMP
2007-08-21 12:46 <DIR> dr-h----- C:\DOCUME~1\Brothers\APPLIC~1\yahoo!
2007-08-21 12:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-21 12:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-21 12:30 <DIR> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 00:58 26444 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-18 00:58 116216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-17 17:44 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-17 10:50 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-17 01:31 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-13 09:25 --------- d-------- C:\Program Files\Real
2007-09-13 09:25 --------- d-------- C:\Program Files\Common Files\Real
2007-09-11 17:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 19:01 --------- d-------- C:\Program Files\Common Files\logishrd
2007-09-09 19:00 --------- d-------- C:\Program Files\Logitech
2007-09-09 12:28 --------- d-------- C:\Program Files\Sony Corporation
2007-09-04 13:16 --------- d-------- C:\DOCUME~1\Brothers\APPLIC~1\Nokia
2007-08-22 19:47 --------- d-------- C:\DOCUME~1\Brothers\APPLIC~1\Ahead
2007-08-21 19:11 --------- d-------- C:\Program Files\ATI Technologies
2007-08-20 07:08 --------- d-------- C:\Program Files\DivX
2007-08-19 09:51 --------- d-------- C:\DOCUME~1\Brothers\APPLIC~1\U3
2007-08-18 16:21 --------- dr------- C:\DOCUME~1\Brothers\APPLIC~1\Brother
2007-08-16 20:51 --------- d-------- C:\Program Files\Brother
2007-08-16 20:50 --------- d-------- C:\Program Files\ScanSoft
2007-08-16 20:50 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-16 20:50 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-16 20:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-08-16 20:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-16 20:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2007-08-12 15:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-11 08:14 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 08:14 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 19:08 --------- d-------- C:\Program Files\Lx_cats
2007-08-04 09:42 --------- d-------- C:\Program Files\QuickTime
2007-08-02 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-02 12:45 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:17 --------- d-------- C:\Program Files\Warcraft III
2007-07-29 01:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-29 01:50 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-07-28 18:45 --------- d-------- C:\Program Files\MSN Games
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 19:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-25 18:48 --------- d-------- C:\Program Files\Nokia
2007-07-25 18:48 --------- d-------- C:\Program Files\Common Files\Nokia
2007-07-25 18:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-07-25 18:41 --------- d-------- C:\DOCUME~1\Brothers\APPLIC~1\PC Suite
2007-07-25 18:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-07-25 18:36 --------- d-------- C:\Program Files\PC Connectivity Solution
2007-07-25 18:36 --------- d-------- C:\Program Files\DIFX
2007-07-25 18:36 --------- d-------- C:\Program Files\Common Files\PCSuite
2007-07-25 18:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-15 10:58 126976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-07 21:52 315392 --a------ C:\WINDOWS\HideWin.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-04 09:42]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 03:09]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 09:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys
R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 18:22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 18:23:05
C:\ComboFix-quarantined-files.txt ... 2007-09-19 18:23
.
--- E O F ---


Thanks,



